Thursday, August 04, 2011

Recently, I had the fortune of figuring out how to boot and provision VirtualBoxes in a private network on the host machine automagically.

First, the primary objectives:

The virtual machines should be connected in a private network on the host machine so that they can communicate securely with each other. The machines should have an IP address in the private address space.

The virtual machines should also be able to communicate with the "outside world". From the point of view of the guest machine, this can be other machines on the same network as the host or the Internet-at-large.

The host machine should be able to network (primarily ssh) with the virtual machines. Typically, this can be done through the router gateway of the host or a "host-only adapter" (a virtual adapter that resides on the host).

Possible Solutions:

TunTap networking. This can be tricky to set up correctly and varies across platforms.

Each VM uses two network interface cards (NICs):
- One host-only adapter with its own DHCP server for the private network, OR the "Internal Network" feature of VirtualBox.
- One bridge adapter that gets its IP address from the outside world (possibly the router to which the host machine connects).

Next, secondary objectives:

We want to boot the VMs automagically and find out the IP address.

Then, we want to ssh into the machine and do provisioning via chef or puppet.

Sunday, July 10, 2011

A while ago, I used the subdomain feature of pastebin to keep track of my public pastes (e.g. hanworks.pastebin.com), but it seems that pastebin has disabled this feature, making retrieval of old pastes difficult (of course, you can sign up). Hence, I am moving over to the really awesome github gist, which supports various markups such as markdown and reST on top of source code syntax highlighting. I also like the fact that there is a "revisions feature" to see previous revisions.

Sunday, June 12, 2011

The main reason why you have apache on mac is because of sharing (system preferences -> sharing -> web sharing). By default, apache is configured to listen on port 80 and include a bunch of config files in /private/etc/apache2/[users,other]. Virtual hosts are not set up by default.

Things I do for running a development server:
- change the port to listen on another port (say 8000, 8080)
- set up http auth for security reasons

Tuesday, May 31, 2011

Note: For those unfamiliar with the convention eval(uneval(_obj_)), this simply clones _obj_. It is cleaner than traversing each element of _obj_ and it will always be true that uneval(eval(uneval(x))) == uneval(x) and eval(uneval(x)) == deep_copy_of_x. The actual method uneval(_obj_) is a SpiderMonkey-specific (as of 1.7) extension that is not part of ECMAScript.

Wednesday, May 18, 2011

1. C++ is much much more efficient than Java.
2. Use short/char instead of int whenever possible (to save memory), esp. for arrays. Of course, there is a potential speed/memory trade-off here since 4-byte ints are register-size, but it doesn't seem to be an issue on ACM Timus.
3. When memory is an issue, use stdio instead of iostream.
4. Using iostream may be "faster" than stdio?
5. "Implicit" stack overflow solution: use #pragma comment(linker, "/STACK:16777216")
6. Struct packing (for arrays) may not be memory efficient.
7. STL saves coding time.
8. Useful: #define FOR(i,n) for(i=0;i<(n);i++)

Java Optimizations:
1. Many prints are slower than one single print.
2. Buffered Reader/Writer is faster than Scanner.

Thursday, March 24, 2011

If protected-mode virtual interrupts are not enabled, STI sets the interrupt flag (IF) in the EFLAGS register. After the IF flag is set, the processor begins responding to external, maskable interrupts after the next instruction is executed. The delayed effect of this instruction is provided to allow interrupts to be enabled just before returning from a procedure (or subroutine).

Starting with the Pentium Pro, Intel processors have supported out-of-order execution, where instructions are not necessarily performed in the order they appear in the executable. This can cause RDTSC to be executed later than expected, producing a misleading cycle count.[3] This problem can be solved by executing a serializing instruction, such as CPUID, to force every preceding instruction to complete before allowing the program to continue or by using RDTSCP instruction, which is a serializing variant of the RDTSC instruction (starting from Core i7[4]).
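The CPUID-before-RDTSC fix described above, as an added example (not code from the original post or from the quoted text). The function names, the workload and the non-x86 fallback are assumptions, and the inline assembly needs GCC or Clang.

```c
#include <stdint.h>
#include <stdio.h>
#include <time.h>
#if defined(__x86_64__) || defined(__i386__)
/* Plain RDTSC: may execute before earlier instructions have completed. */
static inline uint64_t tsc_unordered(void) {
    uint32_t lo, hi;
    __asm__ volatile("rdtsc" : "=a"(lo), "=d"(hi));
    return ((uint64_t)hi << 32) | lo;
}
/* CPUID is serializing: every preceding instruction completes first. */
static inline uint64_t tsc_serialized(void) {
    uint32_t lo, hi;
    __asm__ volatile("cpuid\n\trdtsc"
                     : "=a"(lo), "=d"(hi) : "a"(0) : "ebx", "ecx", "memory");
    return ((uint64_t)hi << 32) | lo;
}
#else
/* Assumption: non-x86 builds fall back to a nanosecond wall clock. */
static inline uint64_t tsc_serialized(void) {
    struct timespec ts;
    timespec_get(&ts, TIME_UTC);
    return (uint64_t)ts.tv_sec * 1000000000ull + (uint64_t)ts.tv_nsec;
}
#define tsc_unordered tsc_serialized
#endif
/* Constructed workload; volatile keeps the loop from being optimized away. */
uint64_t work(int n) {
    volatile uint64_t acc = 0;
    for (int i = 0; i < n; i++) acc += (uint64_t)i;
    return acc;
}
/* Smallest tick count over several trials, filtering out interrupt noise. */
uint64_t min_ticks(int serialized, int n, int trials) {
    uint64_t best = UINT64_MAX;
    for (int t = 0; t < trials; t++) {
        uint64_t start = serialized ? tsc_serialized() : tsc_unordered();
        work(n);
        uint64_t end = serialized ? tsc_serialized() : tsc_unordered();
        if (end - start < best) best = end - start;
    }
    return best;
}

int main(void) {
    printf("unordered:  %llu\n", (unsigned long long)min_ticks(0, 100000, 5));
    printf("serialized: %llu\n", (unsigned long long)min_ticks(1, 100000, 5));
    return 0;
}
```

The serialized figure includes the cost of CPUID itself, so compare it against a serialized measurement of an empty workload rather than against the unordered figure.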

The LOCK prefix can be prepended only to the following instructions and only to those forms of the instructions where the destination operand is a memory operand: ADD, ADC, AND, BTC, BTR, BTS, CMPXCHG, CMPXCHG8B, DEC, INC, NEG, NOT, OR, SBB, SUB, XOR, XADD, and XCHG. The XCHG instruction always asserts the LOCK# signal regardless of the presence or absence of the LOCK prefix.

Our investigation uncovered evidence of password sniffing attempts. We have no evidence to suggest that your password has been compromised. But, what we definitely don't want is to find out in 2 months that passwords were compromised and we didn't take action.

So, as a proactive measure we've invalidated your SourceForge.net account password. To access the site again, you'll need to go through the email recovery process and choose a shiny new password:

As a SourceForge user, you should already have received notice of our password reset event, also noted on the sourceforge.net login page.

As part of our response we examined account risks. User SSH key data may have been exposed during this incident. This is generally of limited concern since users post only the public key portion of their key pair.

In reviewing the SSH key data you uploaded for your account, we found one or more rows of data that did not appear to be a SSH public key. This could be junk text, private key data, or other data we can't programmatically identify.

Our analysis uncovered (among other things) a hacked SSH daemon, which was modified to do password capture. We don’t have reason to believe the attacker was successful in collecting passwords. But, the presence of this daemon and server level access to one-way hashed, and encrypted, password data led us to take the precautionary measure of invalidating all SourceForge user account passwords. Users have been asked to recover account access by email.

Sunday, January 02, 2011

1. PAE allows a 32-bit OS to use up to 64 GB of RAM. To utilize this, make sure your CPU supports PAE, and you have to install a PAE-aware kernel. But there is a possible performance hit (that may not be significant)?

What is the overhead, in terms of space and time, of using a PAE enabled kernel as compared to an SMP kernel?

PAE doubles the size of page table entries from 32 bits to 64 bits, as well as adding a small third level to the page tables. This means the maximum amount of kernel memory consumed by page tables per process is doubled to slightly more than 6MB. In the 2.4.18 kernels shipped by Red Hat, this memory comes out of the ~700MB of available memory in the normal kernel zone. In the Red Hat Linux Advanced Server series of kernels, page tables can be located anywhere in physical memory.

The performance impact is highly workload dependent, but on a fairly typical kernel compile, the PAE penalty works out to be around a 1% performance hit on Red Hat’s test boxes. Testing with various other workload mixes has given performance hits ranging from 0% to 10%.

2. top has these shortcut keys: shift-A (to see all fields) and shift-G (to see field groups)
3. pinfo is a nice tool if you don't like info
4. My emacs and vim config files (a follow up from here)
5. Restoring a single file in hg: $ hg cat somefile.c > somefile.c
6. indent is a nice tool... but be careful what you do with it. Sample usage: $ indent -kr -nut somefile.c
   You can also put your settings in a .indent.pro file in the directory of your source code.
